CVE-2020-23972
In Joomla Component GMapFP Version J3.5 and J3.5free, an attacker can access the upload function without authenticating to the application and can also upload files because of unrestricted file upload issues: the restrictions can be bypassed by changing the content-type and the file name to double...
CVE-2020-23972
CVE-2020-23972 : Joomla! GMapFP 3.5 is vulnerable to an arbitrary/unrestricted file upload. An unauthenticated attacker can access the upload function and upload files, bypassing restrictions by altering Content-Type and filename with double extensions. The Nuclei template confirms exploitation t...
JVN#88315581: Multiple cross-site scripting vulnerabilities in Exment
Exment provided by Kajitori Co.,Ltd contains multiple cross-site scripting vulnerabilities listed below.

Stored cross-site scripting vulnerability in some input fields (CWE-79) - CVE-2020-5619

Version | Vector | Score
---|---|---
CVSS v3 | CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | Base Score: 5.4...
Denial Of Service (DoS)
php7 is vulnerable to denial of service. When HTTP file uploads are allowed, overly long filenames or field names could cause the engine to allocate oversized memory storage and stop further processes when the memory limit is hit. This results in the accumulation of uncleaned temporary files...
Cross-Site Scripting (XSS)
Jenkins is vulnerable to cross-site scripting (XSS). It does not set Content-Security-Policy headers for files uploaded as file parameters to a build, resulting in a stored XSS vulnerability...
EulerOS 2.0 SP8 : php (EulerOS-SA-2020-1821)
According to the versions of the php packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below 7.4.3, when creating PHAR archive using PharData::buildFromIterator function...
GHSA-8M73-W2R2-6XXJ Insecure defaults in UmbracoForms
This affects all versions of package UmbracoForms. When using the default configuration for upload forms, it is possible to upload arbitrary file types. The package offers a way for users to mitigate the issue. The users of this package can create a custom workflow and frontend validation that...
Insecure defaults in UmbracoForms
This affects all versions of package UmbracoForms. When using the default configuration for upload forms, it is possible to upload arbitrary file types. The package offers a way for users to mitigate the issue. The users of this package can create a custom workflow and frontend validation that...
CVE-2020-15417
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700 V1.0.4.84_10.0.58 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of string table file uploads. A crafted...
CVE-2020-10929
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700 V1.0.4.84_10.0.58 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of string table file uploads. The issue...
CVE-2020-7685
This affects all versions of package UmbracoForms. When using the default configuration for upload forms, it is possible to upload arbitrary file types. The package offers a way for users to mitigate the issue. The users of this package can create a custom workflow and frontend validation that...
Default configuration
This affects all versions of package UmbracoForms. When using the default configuration for upload forms, it is possible to upload arbitrary file types. The package offers a way for users to mitigate the issue. The users of this package can create a custom workflow and frontend validation that...
CVE-2020-15417
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700 V1.0.4.84_10.0.58 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of string table file uploads. A crafted...
CVE-2020-15417
The CVE-2020-15417 issue affects NETGEAR R6700 devices (V1.0.4.84_10.0.58). A vulnerability in the handling of string table file uploads can overflow a fixed-length stack-based buffer in the web server, allowing network-adjacent attackers to execute arbitrary code without authentication. The root...
CVE-2020-10929
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700 V1.0.4.84_10.0.58 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of string table file uploads. The issue...
CVE-2020-7685 Insecure Defaults
This affects all versions of package UmbracoForms. When using the default configuration for upload forms, it is possible to upload arbitrary file types. The package offers a way for users to mitigate the issue. The users of this package can create a custom workflow and frontend validation that...
PT-2020-19708 · Umbraco · Umbraco Forms
Name of the Vulnerable Software and Affected Versions: UmbracoForms, all versions. Description: The issue allows uploading arbitrary file types when using the default configuration for upload forms. Users can mitigate this by creating a custom workflow and frontend validation to block...
Insecure Defaults
Overview: UmbracoForms is a tool that makes creating contact forms, entry forms and questionnaires just as easy as using Word. Affected versions of this package are vulnerable to Insecure Defaults. When using the default configuration for upload forms, it is possible to upload arbitrary file types...
openSUSE Security Update : php7 (openSUSE-2020-847)
This update for php7 fixes the following issues : Security issue fixed : - CVE-2019-11048: Improved the handling of overly long filenames or field names in HTTP file uploads (bsc#1171999). This update was imported from the SUSE:SLE-15:Update update project. (C) Tenable Network Security, Inc. The...
Medium: php72, php73
Issue Overview: In PHP versions 7.2.x below 7.2.31, 7.3.x below 7.3.18 and 7.4.x below 7.4.6, when HTTP file uploads are allowed, supplying overly long filenames or field names could lead the PHP engine to try to allocate oversized memory storage, hit the memory limit and stop processing the request,...